expire checks
Chris Adams
cmadams at hiwaay.net
Sat Apr 27 00:09:12 EST 2002
Once upon a time, Damien Miller <djm at mindrot.org> said:
> > I've been meaning to ask: what exactly _is_ privsep (is there some
> > documentation somewhere)? I'll see how things go on OSF/1 aka Tru64
> > with privsep as soon as I know how to try. :-)
>
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
Okay, I'm looking at this now. One suggestion: it could use a little
more documentation (things like "/var/empty" and such).
However, it does not work on Tru64. The problem is that
session_setup_sia(), currently called from session.c/do_child(), needs
to run as root. It accesses the protected password database to verify
the account is active and to log the access (most recent access is
logged in the protected password database).
I'm still trying to get a handle on how privsep works in the code; any
suggestions for how to handle this?
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the openssh-unix-dev
mailing list